ACL Commands
OL-32830-01 Command Line Interface Reference Guide 114
4
information-reply, address-mask-request, address-mask-reply, traceroute,
datagram-conversion-error, mobile-host-redirect,
mobile-registration-request, mobile-registration-reply,
domain-name-request, domain-name-reply, skip, photuris. (Range: 0–255)
•
icmp-code
—Specifies an ICMP message code for filtering ICMP packets.
(Range: 0–255)
•
igmp-type
—IGMP packets can be filtered by IGMP message type. Enter a
number or one of the following values: host-query, host-report, dvmrp, pim,
cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0–255)
•
destination-port
—Specifies the UDP/TCP destination port. You can enter
range of ports by using hyphen. E.g. 20 - 21. For TCP enter a number or one
of the following values: bgp (179), chargen (19), daytime (13), discard (9),
domain (53), drip (3949), echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell (544), lpd (515), nntp (119),
pop2 (109), pop3 (110), smtp (25), sunrpc (1110, syslog (514), tacacs-ds
(49), talk (517), telnet (23), time (37), uucp (117), whois (43), www (80). For
UDP enter a number or one of the following values: biff (512), bootpc (68),
bootps (67), discard (9), dnsix (90), domain (53), echo (7), mobile-ip (434),
nameserver (42), netbios-dgm (138), netbios-ns (137), on500-isakmp (4500),
ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514),
tacacs-ds (49), talk (517), tftp (69), time (37), who (513), xdmcp (177).(Range:
0–65535).
•
source-port
—Specifies the UDP/TCP source port. Predefined port names
are defined in the destination-port parameter. (Range: 0–65535)
• match-all
list-of-flags
—List of TCP flags that should occur. If a flag should be
set, it is prefixed by “+”. If a flag should be unset, it is prefixed by “-”.
Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst,
-syn and -fin. The flags are concatenated to a one string. For example:
+fin-ack.
• time-range-name—Name of the time range that applies to this permit
statement. (Range: 1–32)
• log-input—Specifies sending an informational SYSLOG message about the
packet that matches the entry. Because forwarding/dropping is done in
hardware and logging is done in software, if a large number of packets
match an ACE containing a log-input keyword, the software might not be
able to match the hardware processing rate, and not all packets will be
logged.
To Next Page
Loading...
Need help?
General
